package com.evaluation_system.interceptor;


import com.evaluation_system.Util.JwtUtil;
import com.evaluation_system.constant.JwtClaimsConstant;
import com.evaluation_system.context.BaseContext;
import com.evaluation_system.pojo.JwtProperties;
import io.jsonwebtoken.Claims;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;




/**
 * jwt令牌校验的拦截器
 */
@Component
@Slf4j
public class JwtTokenAdminInterceptor implements HandlerInterceptor {

    @Autowired
    private JwtProperties jwtProperties;

    /**
     * 校验jwt
     *
     * @param request
     * @param response
     * @param handler
     * @return
     * @throws Exception
     */
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("当前线程的id:"+  Thread.currentThread().getId());
        //判断当前拦截到的是Controller的方法还是其他资源
        if (!(handler instanceof HandlerMethod)) {
            //当前拦截到的不是动态方法，直接放行
            return true;
        }

        //1、从请求头中获取令牌
        String token = request.getHeader(jwtProperties.getAdminTokenName());

        //2、校验令牌
        try {
            log.info("jwt校验:{}", token);
            // 2.1解析 token，获取 userId 和 role
            Claims claims = JwtUtil.parseJWT(jwtProperties.getAdminSecretKey(), token);
            Long userId = Long.valueOf(claims.get(JwtClaimsConstant.USER_ID).toString());
            String role = claims.get("role").toString().toLowerCase();
            // 2.2 获取请求路径
            String uri = request.getRequestURI();  // 例如：/admin/employee/list
            log.info("请求路径：{}", uri);
            // 2. 3判断路径是否包含角色关键词（如 admin、user、evaluator 等）
            if (!uri.toLowerCase().contains("/" + role + "/")) {
                log.warn("角色不匹配：路径与 Token 中角色不一致");
                response.setStatus(403); // Forbidden
                response.getWriter().write("无权限访问该资源");
                return false;
            }
            // 2.4 存入上下文
            log.info("当前用户id：", userId);
            log.info("当前用户角色：", role);
            BaseContext.setCurrentId(userId);
            //3、通过，放行
            return true;
        } catch (Exception ex) {
            //4、不通过，响应401状态码
            response.setStatus(401);
            return false;
        }
    }
}
